# portal-ndax-io-cdn-en-auth.webflow.io — MALICIOUS

> portal-ndax-io-cdn-en-auth.webflow.io is flagged for phishing risk. Avoid sharing personal info and verify site legitimacy before proceeding.

## Summary
PhishDestroy identifies portal-ndax-io-cdn-en-auth.webflow.io as a high-risk domain associated with generic phishing activities. This domain attempts to deceive users by mimicking legitimate authentication portals, aiming to steal sensitive information such as login credentials. Due to its phishing nature, users are strongly advised to exercise caution and avoid interacting with the site.

The domain resolves to the IP address 172.64.151.8 and is hosted on the Webflow platform, which is often used for legitimate web hosting but can also be exploited for malicious purposes. VirusTotal analysis reveals that 11 out of 95 security vendors have flagged this domain, indicating a significant suspicion of malicious intent. The use of a subdomain structure resembling a trusted service adds to its deceptive appearance.

Currently, the domain remains active and continues to pose a threat to unsuspecting users. PhishDestroy recommends that users do not provide any personal or financial information on this site. Organizations and individuals should consider blocking access to this domain and remain vigilant for similar phishing attempts. Reporting suspicious activity related to this domain to cybersecurity authorities can aid in mitigating its impact.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 404)

## Domain Intelligence
- IP: 172.64.151.8
- Nameservers: NS_NOT_FOUND

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "Chong Lua Dao", "CyRadar", "ESET", "Emsisoft", "Fortinet", "LevelBlue", "Lionic", "Netcraft", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cf920-1931-7316-9b05-dfa82df65396.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f0d1fa3b-c993-4085-9c67-49f1041b0ade
- PhishDestroy: https://phishdestroy.io/domain/portal-ndax-io-cdn-en-auth.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/portal-ndax-io-cdn-en-auth.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/portal-ndax-io-cdn-en-auth.webflow.io/
Last updated: 2026-03-19